North Korea-linked hackers 'highly likely' behind WannaCry: Symantec

SAN FRANCISCO (Reuters) - Cybersecurity firm Symantec Corp. said on Monday it was "highly likely" a hacking group affiliated with North Korea was behind the WannaCry cyber-attack this month that infected more than 300,000 computers worldwide and disrupted operations at hospitals, banks and schools across the globe.

Lazarus has been linked to the hack on Sony Pictures, for which the US government blamed North Korea, and a wave of attacks on banks around the world, including a major theft from Bangladesh's central bank.

While this isn't a smoking gun, as cybercriminals and state-sponsored groups steal and rework each other's code, it's strong evidence North Korea is involved somehow.

Trojan.Bravonc used the same IP addresses for command and control as Backdoor.Duuzer and Backdoor.Destover, both of which have been linked to Lazarus.

Symantec's researchers have uncovered a potential link between the WannaCry ransomware worm, which hit systems just over a week ago, and code used by the Lazarus Group, the hackers behind the attack on Sony in 2015 and the $81M theft from the Bangladesh Central Bank, who are believed to be based in North Korea.

Updated: U.S. cybersecurity firm FireEye also published a research blog post Tuesday offering what it described as additional evidence connecting WannaCry to the Lazarus Group.

Cyber security vendors including Symantec have linked WannaCry to the Lazarus Group, allegedly a group of North Korean hackers, but a think tank has called for caution amid the finger-pointing. Additional fingerprints linked Lazarus Group to hacks that wiped nearly a terabyte's worth of data from Sony Pictures and siphoned a reported $81 million from the Bangladesh Central Bank the previous year.

"It is ridiculous", Kim In-Ryong, North Korea's deputy ambassador to the United Nations, told reporters on Friday, suggesting the US and South Korea were behind the allegation.

In those attacks, the group is believed to have worked on behalf of North Korea's government.

Duuzer, which has previously been linked to Lazarus as well.

Two different backdoors were used to deploy WannaCry in these attacks: Trojan.Alphanc and Trojan.Bravonc. The attacks, collectively, are "more typical of a cyber crime campaign".

An email from the chair of the panel of experts said the attack is not the first attempt to compromise a device belonging to the group in charge of monitoring sanctions on North Korea. If a successful connection is made to a remote computer, and there is no file with a .res extension in either the Admin$ or C$\Windows folders, then hptasks.exe will copy the files listed in Table 2 onto the remote computer.

In addition, Scott claims that while Symantec highlighted some of the tools used in WannaCry associated with Lazarus, it ignored other tools used that weren't.
